(57) ABSTRACT

A database system for personal information includes storing personal information in a database remote from the person using the public key of a person as a record identifier. The person's public key is published on a card, which may be a physical card or a virtual card, published on an Internet site in unencrypted form, together with unencrypted demographic information of the user. The person's public key is a unique identifier which becomes the person's record identifier, as well as possibly a social security number, medical record number, tax identification number, insurance file number, etc. The card contains the person's public key in eye readable and machine readable format, such as bar-coded format and can be used to gain access to personal information in the database. In an alternate embodiment the personal information may additionally be encrypted with the public key of a target agency, such as an insurance company or a bank. The target agency for the personal information obtains the card and gains access to the information by scanning the bar code and using the acquired public key of the person, plus its own private key to decrypt the information.

15 Claims, 2 Drawing Sheets 




07/01/2004, EAST Version: 1.4.1 



U.S. Patent Feb. 18, 2003 Sheet 1 of 2 



US 6,523,116 B1





SECURE PERSONAL INFORMATION CARD DATABASE SYSTEM

TECHNICAL FIELD OF THE INVENTION

The present invention relates generally to a method and apparatus for personal information data storage and retrieval system. More specifically, the invention is directed to the use of information provided on personal cards for use with a database operated by targeted recipients of such cards.

BACKGROUND ART

The use of traditional printed cards for database purposes is exemplified by social security cards, business cards, credit cards, medical cards of various types, etc. Oftentimes business cards, medical record cards, and other cards relate to data which requires revision. Accordingly, the holder of the card must supply new information. In addition, certain organizations such as insurance companies or persons building databases must deal with large amounts of changing personal information.

An alternative to the use of paper cards is a practice commonly used at trade shows. The exchange of information occurs by using plastic cards with a magnetic stripe. The plastic cards allow exhibitors and others to take a swipe of the plastic magnetic card. To obtain a plastic card, a person completes a form with information which is entered into a database. Exhibitors and others are thus able to collect information without having to collect stacks of business cards. An exhibitor then accesses the database to obtain personal information about a contact, make phone calls, generate mailings, and several other functions.

However, not unlike business cards, this information is likely to become outdated, as change is inevitable. There is a need to enable the person whose personal information is used by others to easily update such information whether such information is demographic, medical, insurance, tax or other personal information. It is desirable that these updates are secure and low cost so that the user is encouraged to make updates so that current information is always available. Security and privacy are becoming major issues as personal information databases proliferate. It is an object of the invention to devise a personal information database system which ensures privacy and secure access so that people have confidence in use of the database system.

The above object has been met with a database system which includes providing a public and a private cryptographic key to a person. The person publishes the public key in a convenient format, such as a bar-coded or other machine readable or eye readable format on a paper or business card and publishes the card by distribution to others. The person's demographic information is read into a computer database, usually remote from the user and indexed by the person's public key. The demographic information is not encrypted. The public key is a unique identifier of the database record of the person. The person's demographic information is retrieved from the database by using the person's public key as a record identifier. In an alternate embodiment, information, intended only for specific targeted users or agencies, such as an insurance company, is encrypted with the person's private key and the targeted agency's public key. The card may be a physical card of the type now commonly carried in wallets or purses as business cards, or may be a virtual card published on the Internet. A targeted agency recipient of such a card, reads the bar code to obtain the person's public key. The recipient agency then can access the database to obtain the person's information. The person can update or cancel his information, public or private, with his private key, by accessing the database. A person's demographic information is at a low security level, perhaps However, information for a targeted agency is encrypted with the user's private key and the agency's public key.

In a variation of the alternate embodiment an organization, such as an Internet Service Provider (ISP), can become an escrow holder of the information. The ISP is treated as a target agency using public key-private key encryption so that only the ISP has access to the information. When the person sends the ISP a secure message to direct the information to a particular target agency, the ISP uses the target agency's public key and its own private key to re-encrypt the person's information for the target agency.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows the system components of the invention.

FIG. 2 shows the information flow among the system components.

BEST MODE FOR CARRYING OUT THE INVENTION

With reference to FIG. 1, a person's publicly available personal information card 100 typically will include demographic information such as the person's name, organization, telephone numbers for voice and fax lines, an email address and so on. The card would also contain the person's public key number, in an optically readable format as well as machine scannable indicia, such as bar-coded information 102 printed on the card. The bar-encoded information is the person's public key which could be provided to the person by a database service provider 160, or by a firm accessed through the service provider on the Internet.

Bar code 102 can be read by a scanning device 122, typically a bar code reader. The scanning device may employ wireless communication with the computer 120. The scanning device is attached to a personal computer 120 or hand-held computer. The computer includes software which operates the scanning device and receives data from the device.

The computer 120 also includes tele-communication hardware and software (not shown) for connection to a publicly accessible network 180. For example, the computer 120 may connect to the telephone network via a modem. Although not shown, computer 120 may be a node in a local area network that has access to the public network 180, either by wire or wireless means.

A database service provider 160 is connected to the public network 180. The database service provides access to its databases via transactions made over network 180. Typically, the database service includes one or more database engine servers which may be linked together via a local area network to one or more disk servers. Whatever internal configuration that database service 160 has, there is at least one communication link to network 180 which permits access by the public.

A second personal computer 140 provides access to the database service 160 by the person who is the dispenser of business card 100. Like computer 120, computer 140 includes the hardware and software needed to gain access to the service over the network 180, either by wire or wireless means.

Refer now to FIG. 2 for a description of the flow of information in accordance with the preferred embodiment of the invention. Initially, a person will establish an account with service provider 160. The series of transactions needed to do this are represented by data flows 202 and 204. While communication by computers is preferred, communication by fax or even by mail is possible. Having done so, service provider 160, or a firm accessed through the service provider, will provide to the user a pair of encryption keys including a public cryptographic key and a private cryptographic key which operate under the RSA public key-private key protocol, or a similar two key protocol. The person then publishes a card or set of cards, each bearing the public key in the formats previously described. Using the private key, the person accesses the database to input, change or delete his or her non-encrypted information. The card may be printed or otherwise formed in wallet size versions or may be a virtual card, viewable on the Internet or other wide area communications network. A recipient of the card gains access to the information by applying the public key from the card to the database to obtain the person's non-encrypted information, using the person's public key as a unique identifier of the person, i.e. an information locator number.
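
The access rule described above (the public key from the card locates and reads the record, the private key is needed to change it) can be sketched as a store that accepts a write only when it carries a signature that verifies under the key the record is indexed by. This is an added example, not code from the patent; the toy RSA keys, the CardDatabase class and the version counter are assumptions made for illustration.

```python
import hashlib
import json

E = 65537  # public exponent for both constructed toy keys

def toy_keypair(p, q):
    """Textbook RSA from two known primes: tiny and unpadded, illustration only."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))  # (public key, private key)

def digest(n, payload):
    """Hash the canonical JSON of a payload into the range of modulus n."""
    blob = json.dumps(payload, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def sign(n, d, payload):
    """Private-key operation: only the holder of d can produce this value."""
    return pow(digest(n, payload), d, n)

class CardDatabase:
    """Records indexed by public key: the key alone reads, a valid signature writes."""
    def __init__(self):
        self.records = {}  # public key -> (version, info)

    def read(self, public_key):
        entry = self.records.get(public_key)
        return entry[1] if entry else None

    def write(self, public_key, version, info, signature):
        payload = {"version": version, "info": info}
        if pow(signature, E, public_key) != digest(public_key, payload):
            return False  # not produced with the private key matching this record
        if version <= self.records.get(public_key, (0, None))[0]:
            return False  # stale or replayed update (version counter is an assumption)
        self.records[public_key] = (version, info)
        return True

def demo():
    alice_pub, alice_priv = toy_keypair(2**61 - 1, 2**89 - 1)
    other_pub, other_priv = toy_keypair(2**107 - 1, 2**127 - 1)
    db = CardDatabase()
    v1 = {"name": "A. Person", "phone": "555-0100"}  # constructed sample data
    v2 = {"name": "A. Person", "phone": "555-0199"}
    sig1 = sign(alice_pub, alice_priv, {"version": 1, "info": v1})
    sig2 = sign(alice_pub, alice_priv, {"version": 2, "info": v2})
    forged = sign(other_pub, other_priv, {"version": 3, "info": {"name": "X"}})
    return {
        "create": db.write(alice_pub, 1, v1, sig1),
        "update": db.write(alice_pub, 2, v2, sig2),
        "replay": db.write(alice_pub, 1, v1, sig1),
        "forged": db.write(alice_pub, 3, {"name": "X"}, forged),
        "read": db.read(alice_pub),
    }
```

Anyone holding the card can call read, so in this model the public key works as a bearer read token for the unencrypted record.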

An alternate embodiment of the invention contemplates using the public/private key encryption technique for information targeted to special agencies, such as insurance companies, doctors, accountants, etc. This technique uses an encryption algorithm which can encrypt information using one key set, i.e. the person's private key and the public key of the targeted agency. The target agency decrypts the encrypted information using another key set, i.e. the public key of the person and its private key. An advantage of this system is that the agency using the public key of a person to decrypt the coded message targeted for it is secure in believing that the encoded message was really produced by the holder of the encoding key.
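
The two key sets described above can be shown with textbook RSA: the person applies their private key and then the agency's public key, and the agency reverses the two steps with its private key and the public key read from the card. This is an added example, not the patent's algorithm; the toy keys built from known Mersenne primes, the hash framing and the function names are assumptions, and unpadded RSA is used only to keep the two steps visible.

```python
import hashlib

E = 65537  # public exponent for every constructed toy key

def toy_keypair(p, q):
    """Textbook RSA from known Mersenne primes: unpadded, illustration only."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))  # (public modulus, private exponent)

def seal(info, person_n, person_d, agency_n):
    """Person's private key first (origin), then agency's public key (secrecy)."""
    framed = b"\x01" + hashlib.sha256(info).digest() + info  # redundancy to check
    m = int.from_bytes(framed, "big")
    if not m < person_n < agency_n:
        raise ValueError("need message < person modulus < agency modulus")
    return pow(pow(m, person_d, person_n), E, agency_n)

def unseal(cipher, agency_n, agency_d, person_n):
    """Agency's private key first, then the person's public key from the card."""
    inner = pow(cipher, agency_d, agency_n)
    if inner >= person_n:
        return None  # cannot have come from this person's key
    m = pow(inner, E, person_n)
    framed = m.to_bytes((m.bit_length() + 7) // 8, "big")
    tag, info = framed[1:33], framed[33:]
    if framed[:1] != b"\x01" or hashlib.sha256(info).digest() != tag:
        return None  # wrong public key or altered ciphertext
    return info

def demo():
    person_n, person_d = toy_keypair(2**521 - 1, 2**607 - 1)
    agency_n, agency_d = toy_keypair(2**1279 - 1, 2**2203 - 1)
    stranger_n, _ = toy_keypair(2**127 - 1, 2**2281 - 1)
    info = b"policy 12-345, plan B"  # constructed sample record
    cipher = seal(info, person_n, person_d, agency_n)
    try:
        seal(info, agency_n, agency_d, person_n)  # moduli in the wrong order
        ordering = "accepted"
    except ValueError:
        ordering = "rejected"
    return (unseal(cipher, agency_n, agency_d, person_n),
            unseal(cipher, agency_n, agency_d, stranger_n),
            ordering)
```

The agency's confidence in the sender comes from the framing check: applying any public key other than the sender's yields bytes that fail it.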

A recipient of the card, such as a target agency, would 
scan or otherwise read the bar code using scanner 122 or the 
public key can be entered by hand for an eye readable key. 
The bar code information 222 is read by computer 120 and 
stored in computer 120. The targeted agency then accesses 
database 160 to obtain the user's encrypted information 214, 
which is stored locally in computer 120. The public key of 
the person and the agency's private key are then applied to the
encrypted information to produce a comprehensible version 
of the user's information. Of course, the person's public key 
will permit only read access to the user's information. Write 
access requires a private key. 

Alternatively, the person encrypts personal information using the person's private key and the public key of the database service. The database service then applies the person's public key as well as its own private key to decrypt the person's encoded information. The decoded information would then be re-encrypted and then transmitted to the targeted agency's computer 120 using the private key of the database service and the public key of the target agency. This alternate approach has the advantage of allowing a user to select any number of target agencies without the need to encrypt the information each time, yet the personal information may remain encrypted at all times. That task is performed by the database service provider.

The use of a publicly accessible database 160 has the advantage of allowing a person to maintain his or her information and updating it as the need arises. The independence of the database from the person allows for the person to relocate or the targeted agency to relocate without having to change how the person's information is obtained by the other party. Changes in demographics, such as changes in a personal phone number or company affiliation or job title, can be electronically updated without one-to-one notification by parties. Database software on the agency or individual user's device (PC or palmtop wireless) can update demographic information and keep it current in bulk by synchronizing all the known public keys against the database service's database. From the agency's point of view, there is a sense of security knowing that only a specific person can change his or her information in the database, and so the information will always be valid. From the person's point of view, any encrypted information is held privately and communicated securely.

In accord with the present invention, the person's public key is a unique, multi-purpose data word which can be an all purpose records identifier, such as a social security identifier and a medical file identifier and an insurance file identifier, etc. Care must be taken to ensure that every person who will enter the database has unique data words as a key set, i.e. public and private keys. This means that data words which are private and public keys will be long because potentially every person in the country now and in the future will need unique public and private keys. For this reason, machine readable indicia are the preferred form for printed versions of these data words.

What is claimed is:

1. A method for accessing information about a user, the method comprising:

providing a publicly accessible database;

providing a private cryptographic key to a user, permitting read, write and modify access to the user's information in the database;

associating a public cryptographic key with the user information permitting read-only access to the user information in the database;

encoding the public key in a data format on business cards of the user; and

distributing the business cards to recipients who can gain access to the user's information by reading the data format to obtain the public key and applying the public key to the database to obtain the user information.

2. The method of claim 1 further including scanning the data format of the business card to obtain the public key.

3. The method of claim 1 further including storing the obtained user's information on a data store of the recipient.

4. The method of claim 2 wherein the data format is a bar code format.

5. The method of claim 2 wherein the data format is an eye readable format.

6. A cryptographic data access method of the public and private key type comprising:

obtaining information associated with a person having a private key and a public key and storing a version of the information encrypted with the person's private key in an online database;

recording the person's public key on business cards of the person,

distributing the business cards to others for whom the stored information is intended,

whereby a recipient of the business card gains access to the information by applying the person's public key to the database to obtain the information.

7. The method of claim 6 wherein the step of recording includes printing the public key as coded indicia on the business cards.

8. The method of claim 7 wherein said card is published by printing on a wallet size card.

9. The method of claim 7 wherein said card is published by distribution on a wide area communications network.

10. The method of claim 7 wherein the coded indicia are bar-code data.

11. The method of claim 7 wherein the coded indicia comprises optically readable data.

12. The method of claim 6 wherein the information associated with the person includes demographic information.

13. The method of claim 6 wherein the storing of information in an online database is remote from the recipients of the business cards.

14. The method of claim 6 further defined by targeting said information to an agency having a private key and a public key comprising:

encrypting said information with the agency's public key as well as the person's private key and storing the encrypted information in a database,

whereby the target agency gains access to the encrypted information by applying the person's public key and the agency's private key.

15. The method of claim 6 further defined by targeting said information to a selected one of a plurality of possible target agencies, each agency having a unique private and public key comprising:

transmitting the person's personal information to a database service provider using the provider's public key and the person's private key to encrypt the personal information,

decrypting the person's personal information by the provider using the provider's private key and the person's public key and re-encrypting the personal information using the provider's private key and the selected target agency's public key,

transmitting the re-encrypted personal information to the selected target agency,

whereby the target agency gains access to the information by applying the provider's public key and the agency's private key.

*****